From f83da5ab0e946e2160a00a4a66349117da3bd165 Mon Sep 17 00:00:00 2001 From: John Pipkin Date: Thu, 6 Nov 2025 15:11:18 -0600 Subject: [PATCH 1/5] Images in manage --- .../manage/content-sharing/changing-alerts.md | 22 +++---------- docs/manage/content-sharing/index.md | 6 ++-- docs/manage/data-archiving/archive.md | 2 +- .../create-field-extraction-rule.md | 3 +- docs/manage/field-extractions/index.md | 2 +- docs/manage/fields.md | 20 ++++++------ docs/manage/health-events.md | 21 ++++++------ .../collection-status-page.md | 3 +- .../log-tracing-data-volume-index.md | 8 +++-- .../metrics-data-volume-index.md | 6 ++-- .../ingest-budgets/daily-volume.md | 8 ++--- .../monitor-ingestion-receive-alerts.md | 12 +++---- .../cloud-flex-legacy-accounts.md | 32 ++++++++----------- .../upgrade-cloud-flex-legacy-account.md | 8 +++-- docs/manage/partitions/data-tiers/faq.md | 8 ++--- docs/manage/partitions/data-tiers/index.md | 2 +- .../scheduled-views-best-practices.md | 6 ++-- docs/manage/security/installation-tokens.md | 2 +- .../cloud-infrastructure-security-for-aws.md | 2 +- 19 files changed, 79 insertions(+), 94 deletions(-) diff --git a/docs/manage/content-sharing/changing-alerts.md b/docs/manage/content-sharing/changing-alerts.md index f3ca0bec48..254cfeb459 100644 --- a/docs/manage/content-sharing/changing-alerts.md +++ b/docs/manage/content-sharing/changing-alerts.md 
@@ -21,21 +21,10 @@ If you're using a search template with your saved search, you cannot modify the To edit an alert: 1. Go to the Sumo Logic library by clicking the folder icon in the main Sumo Logic menu: Library icon - 1. Click in the search area to display a list of library object types, and choose **Scheduled Searches**.  - -1. Select the edit icon in the library for the scheduled search you'd like to edit.  - - ![EditAlert.png](/img/content-sharing/EditAlert.png) - -1. Click **Edit this search's schedule**. - - ![edit-search-schedule](/img/content-sharing/edit-search-schedule.png) - -1. Modify the frequency, time range, and alert type as needed. - - ![EditAlert3.png](/img/content-sharing/EditAlert3.png) - +1. Select the edit icon in the library for the scheduled search you'd like to edit.
Select the edit icon in the library +1. Click **Edit this search's schedule**.
Edit search schedule +1. Modify the frequency, time range, and alert type as needed.
Modify the alert 1. Click **Update** to save your changes. ## Cancel alerts on a shared search @@ -43,10 +32,7 @@ To edit an alert: If you have Edit permissions on the shared search, you can stop recipients from receiving alerts by setting the run frequency to **Never**. We recommend doing this when a search is no longer relevant rather than deleting the search so that it can be available to you later if you need it. Deleting the shared search is possible, if you have Manage permissions, but does not allow you the ability to restore a scheduled search later if you need it. 1. Navigate to the scheduled search you want to edit, as described above in [Edit an alert](#edit-an-alert). -1. Select the edit icon in the library for the scheduled search. - - ![EditAlert.png](/img/content-sharing/EditAlert.png) - +1. Select the edit icon in the library for the scheduled search.
Select the edit icon in the library 1. In the **Edit Search** dialog, click **Edit this search's schedule**. 1. From the **Run Frequency** menu, choose **Never** to cancel the scheduled search. 1. Click **Update** to save your changes. diff --git a/docs/manage/content-sharing/index.md b/docs/manage/content-sharing/index.md index a4457bf42f..469f05f8bd 100644 --- a/docs/manage/content-sharing/index.md +++ b/docs/manage/content-sharing/index.md @@ -41,10 +41,8 @@ To find content in the library that has been shared with you, click the clock i To share content from the left navigation bar or the library: -1. Click the details icon ![details](/img/content-sharing/details.png) for the content you want to share. -1. Select **Share** from the dropdown menu. - - Share search +1. Click the details icon Details icon for the content you want to share. +1. Select **Share** from the dropdown menu.
Share search :::note * The **Share** option appears on the dropdown menu only if you have permissions to grant access. See [Available permission levels](#available-permission-levels). diff --git a/docs/manage/data-archiving/archive.md b/docs/manage/data-archiving/archive.md index 0480887cac..1d97f1932f 100644 --- a/docs/manage/data-archiving/archive.md +++ b/docs/manage/data-archiving/archive.md @@ -184,7 +184,7 @@ Click on a table row to view the Source details. This includes: * **Description** * **AWS S3 bucket** * All **Ingestion jobs** that are and have been created on the Source. - * Each ingestion job shows the name, time window, and volume of data processed by the job. Click the icon ![open in search icon.png](/img/archive/open-search-icon.png) to the right of the job name to start a Search against the data that was ingested by the job. + * Each ingestion job shows the name, time window, and volume of data processed by the job. Click the icon Open in search icon to the right of the job name to start a Search against the data that was ingested by the job. * Hover your mouse over the information icon to view who created the job and when.
Archive details pane ## Create an ingestion job diff --git a/docs/manage/field-extractions/create-field-extraction-rule.md b/docs/manage/field-extractions/create-field-extraction-rule.md index 2c483e25ea..69e768df89 100644 --- a/docs/manage/field-extractions/create-field-extraction-rule.md +++ b/docs/manage/field-extractions/create-field-extraction-rule.md @@ -4,6 +4,7 @@ title: Create a Field Extraction Rule description: Field Extraction Rules (FER) tell Sumo Logic which fields to parse out automatically. --- +import useBaseUrl from '@docusaurus/useBaseUrl'; import Iframe from 'react-iframe'; import FerLimit from '../../reuse/fer-limitations.md'; @@ -47,7 +48,7 @@ To create a Field Extraction Rule: 1. [**New UI**](/docs/get-started/sumo-logic-ui). To access the Field Extraction Rules page, in the main Sumo Logic menu select **Data Management**, and then under **Logs** select **Field Extraction Rules**. You can also click the **Go To...** menu at the top of the screen and select **Field Extraction Rules**.
[**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the main Sumo Logic menu, select **Manage Data > Logs > Field Extraction Rules**. 1. Click the **+ Add** button on the top right of the table. -1. The **Add Field Extraction Rule** form will appear:
![Create Field extraction rule with dynamic parsing.png](/img/field-extraction-rules/create-fer.png) +1. The **Add Field Extraction Rule** form will appear:
Create Field extraction rule with dynamic parsing 1. Enter the following options: * **Rule Name**. Type a name that makes it easy to identify the rule. * **Applied At**. There are two types available, Ingest Time and Run Time. The main differences are Run Time only supports JSON data and the time that Sumo parses the fields. The following is an overview of the differences: diff --git a/docs/manage/field-extractions/index.md b/docs/manage/field-extractions/index.md index ff0ec376af..9bf5a08c4a 100644 --- a/docs/manage/field-extractions/index.md +++ b/docs/manage/field-extractions/index.md @@ -33,7 +33,7 @@ The Field Extraction Rules page displays the following information:  When hovering over a row in the table there are icons that appear on the far right for editing, disabling and deleting the rule. -* **Status** shows a checkmark in a green circle ![check in green circle.png](/img/reuse/green-check-circle.png) to indicate if the Rule is actively being applied or an exclamation mark in a red circle ![exclamation in red circle.png](/img/reuse/exclamation-red-circle.png) to indicate if the Rule is disabled. +* **Status** shows a checkmark in a green circle Check in green circle to indicate if the Rule is actively being applied or an exclamation mark in a red circle Exclamation in red circl to indicate if the Rule is disabled. * **Rule Name** * **Applied At** indicates when the field extraction process occurs, either at Ingest or Run time. * **Scope**  diff --git a/docs/manage/fields.md b/docs/manage/fields.md index 04fa887d6b..8baa6df1fe 100644 --- a/docs/manage/fields.md +++ b/docs/manage/fields.md 
@@ -86,13 +86,13 @@ Fields can be assigned to a Collector and Source using the **Fields** input ta 1. Click **Save**. -![edit collector fields name.png](/img/fields/edit-collector-fields-name.png) +Edit collector fields name In the above example, we have created a new field called `cluster` and set the value to `k8s.dev`. With this configuration, any logs sent to this Collector will now have this key-value pair associated with it. With this association, you can search for `cluster=k8s.dev` to return your logs. -![collector field search results.png](/img/fields/collector-field-search-results.png) +Collector field search results ### Using Collector API @@ -181,7 +181,7 @@ curl -v -X POST -H 'X-Sumo-Fields:environment=dev,cluster=k8s' -T /file.txt With this field set on your Source, headers are processed as metadata fields. For example, a cURL command posting data with custom fields would look like: @@ -235,7 +235,7 @@ You need the **Manage Fields** [role capability](users-roles/roles/role-capab The Fields page displays the following information:  -* **Status** shows a checkmark in a green circle green check circle.png to indicate if the field is actively being applied or an exclamation mark in a red circle ![red-exclamation-circle.png](/img/fields/red-exclamation-circle.png) to indicate if the field is disabled and being dropped. +* **Status** shows a checkmark in a green circle green check circle.png to indicate if the field is actively being applied or an exclamation mark in a red circle Red exclamation circle to indicate if the field is disabled and being dropped. * **Field Name** is the name of the field, known as the key in the key-value pair. * **Data Type** shows the data type of the field. * **Field Extraction Rules** shows the number of Field Extraction Rules that reference the field. 
@@ -263,8 +263,6 @@ When hovering over a row in the table there are icons that appear on the far ri For the fields listed, select a row to view its details. A details pane appears to the right of the table where you can disable and delete the field.
Manage Fields -![selected field details pane.png](/img/fields/selected-field-details-pane.png) - #### Add field Adding a field will define it in the Fields schema allowing it to be assigned as metadata to your logs. @@ -272,7 +270,7 @@ Adding a field will define it in the Fields schema allowing it to be assigned a 1. Click the **+ Add** button on the top right of the table. A panel named **Add Field** appears to the right of the fields table. 1. Input a field name and click **Save**. -![add field input.png](/img/fields/add-field-input.png) +Add field input #### Disable field @@ -290,7 +288,7 @@ In the details pane of the field, click the **Disable** button.
delete-icon +delete-icon You will see the following prompt and you must remove the field reference before you can delete it. @@ -308,11 +306,11 @@ Built-in fields cannot be deleted. For example, if the field is used by a Field Extraction Rule, you must first delete the Field Extraction Rule before you can delete the field. -![field cannot delete.png](/img/fields/field-cannot-delete.png) +Field cannot delete If the field is not used by those features you will see the following prompt. -![delete field confirm.png](/img/fields/delete-field-confirm.png) +Delete field confirm #### View dropped fields diff --git a/docs/manage/health-events.md b/docs/manage/health-events.md index ade43f0fa1..b01074c9aa 100644 --- a/docs/manage/health-events.md +++ b/docs/manage/health-events.md @@ -4,6 +4,8 @@ title: Health Events description: Monitor the health of your Collectors and Sources. --- +import useBaseUrl from '@docusaurus/useBaseUrl'; + ## Availability | Account Type | Account Level | @@ -40,11 +42,11 @@ On the health events table, you can search, filter, and sort incidents by ke [**Classic UI**](/docs/get-started/sumo-logic-ui-classic). To access the health events table, in the main Sumo Logic menu select **Manage Data > Monitoring > Health Events**. -![health events table.png](/img/health-events/health-events-table.png) +Health events tabl Click on a row to view the details of a health event. -![health event detail.png](/img/health-events/health-event-detail.png) +Health event detail Click the **Create Scheduled Search** button on the details pane to get alerts for specific health events. The unique identifier of the resource, such as the Source or Collector, is used in the query. See [Schedule a Search](../alerts/scheduled-searches/schedule-search.md) for details. 
@@ -57,8 +59,8 @@ Under the **More Actions** menu you can select: Events are categorized by two severity levels, warning and error. The severity column has color-coded error and warning events so you can quickly determine the severity of a given issue. -* ![warning label.png](/img/health-events/warning-label.png) A warning indicates the Collector or Source has a configuration issue or is operating in a degraded state. -* ![Error label.png](/img/health-events/Error-label.png) An error indicates the Collector or Source is unable to collect data as expected. +* Warning label A warning indicates the Collector or Source has a configuration issue or is operating in a degraded state. +* Error label An error indicates the Collector or Source is unable to collect data as expected. ### Common parameters @@ -138,12 +140,7 @@ A **Health** column on the Collection page shows color-coded healthy, error, a The **status** column now shows the status of Sources manually paused by users. -![Collection health column.png](/img/health-events/Collection-health-column.png) - -* Hover your mouse over a Collector or Source to view a tooltip that provides the number of health events detected on the Collector or Source. - - ![health tooltip.png](/img/health-events/health_tooltip.png) - -* Click on the **Health** status in a row to view a pop-up displaying a list of related events. +Collection health column - ![object event details.png](/img/health-events/object_event_details.png) +* Hover your mouse over a Collector or Source to view a tooltip that provides the number of health events detected on the Collector or Source.
Health tooltip +* Click on the **Health** status in a row to view a pop-up displaying a list of related events.
Object event details diff --git a/docs/manage/ingestion-volume/collection-status-page.md b/docs/manage/ingestion-volume/collection-status-page.md index e0ad79f811..970552ca0c 100644 --- a/docs/manage/ingestion-volume/collection-status-page.md +++ b/docs/manage/ingestion-volume/collection-status-page.md @@ -4,12 +4,13 @@ title: Collection Status Page description: Provides a visual snapshot of the message history for your deployment, and a message volume histogram for each Collector. --- +import useBaseUrl from '@docusaurus/useBaseUrl'; The Status page provides a message volume history for your account, as well as a message volume histogram for each Collector, giving you immediate visual feedback about traffic spikes or collection issues. To see statistics for any bar in the histogram, hover your mouse pointer over the area of interest. When you first install a Collector it is common to configure Sources to collect some historical data, rather than from the moment of installation. In this case, the status page shows a spike in message volume and then levels out as collection reaches a steady state. For example, a local log file can contain millions of log messages. When the Collector is initialized, it quickly gathers all those logs and sends them to Sumo Logic resulting in a traffic spike. After the initial collection, the Collector continues to tail the file, reading from the end of the file as new entries are created, and sends a smaller number of new log messages. -![Status tab](/img/manage/ingestion-volume/collection-status.png) +Status tab * **A.** Select to show all, running, or stopped Collectors. * **B.** Select how many columns of Collectors are displayed. diff --git a/docs/manage/ingestion-volume/data-volume-index/log-tracing-data-volume-index.md b/docs/manage/ingestion-volume/data-volume-index/log-tracing-data-volume-index.md index 6461439a28..2ed4014f7d 100644 --- a/docs/manage/ingestion-volume/data-volume-index/log-tracing-data-volume-index.md 
+++ b/docs/manage/ingestion-volume/data-volume-index/log-tracing-data-volume-index.md @@ -4,6 +4,8 @@ title: Log and Tracing Data Volume Index description: The Data Volume Index is populated with a set of log messages that contain information on how much data (by bytes and messages count) your account is ingesting. --- +import useBaseUrl from '@docusaurus/useBaseUrl'; + The data volume index is populated with a set of log messages every five minutes. The messages contain information on how much data (by bytes and messages count) your account is ingesting. Your data volume is calculated based on when your logs were received, in Sumo this timestamp is stored with the `_receiptTime` [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) field. Each log message includes information based on one of the following index source categories. | Index Log Type | Index Source Category | @@ -97,7 +99,7 @@ _index=sumologic_volume _sourceCategory = "sourcecategory_and_tier_volume" would produce results such as: -![clipboard_e08593bedbf920dea82726b15964e56f6.png](/img/manage/ingestion-volume/volume-each-category.png) +Volume for each category **Volume for Each Collector by Tier** @@ -223,7 +225,7 @@ _index=sumologic_volume _sourceCategory="sourcecategory_tracing_volume" This query produces results like these:  -![tracing-volume-source-category](/img/manage/ingestion-volume/tracing-volume-source-category.png) +Tracing volume source category #### Tracing volume by collector @@ -238,7 +240,7 @@ _index=sumologic_volume _sourceCategory="collector_tracing_volume" This query produces results like these: -![image](/img/manage/ingestion-volume/tracing-volume-source-category.png) +Tracing volume by collector #### Tracing volume for a specific collector diff --git a/docs/manage/ingestion-volume/data-volume-index/metrics-data-volume-index.md b/docs/manage/ingestion-volume/data-volume-index/metrics-data-volume-index.md index 32f1729111..24a1714355 100644 
--- a/docs/manage/ingestion-volume/data-volume-index/metrics-data-volume-index.md +++ b/docs/manage/ingestion-volume/data-volume-index/metrics-data-volume-index.md @@ -4,6 +4,8 @@ title: Metrics Data Volume Index description: The Metrics Data Volume Index contains JSON formatted messages that contain parent objects for each source data point, and child objects that detail the data points for each parent. --- +import useBaseUrl from '@docusaurus/useBaseUrl'; + Sumo Logic populates the Metrics Data Volume Index with a set of JSON-formatted messages every five minutes. The messages contain the volume of metric data points your account is ingesting.  You can query the index to: @@ -65,7 +67,7 @@ _index=sumologic_volume _sourceCategory="sourcecategory_metrics_volume" It returns results like these: -![metric-volume-source-category](/img/manage/ingestion-volume/metric-volume-source-category.png) +Metric volume source category ### Metric volume by collector @@ -80,7 +82,7 @@ _index=sumologic_volume _sourceCategory="collector_metrics_volume" It returns results like these: -![metric-volume-collector.png](/img/manage/ingestion-volume/metric-volume-collector.png) +Metric volume collector ### Metric volume for a specific collector diff --git a/docs/manage/ingestion-volume/ingest-budgets/daily-volume.md b/docs/manage/ingestion-volume/ingest-budgets/daily-volume.md index c8d6c927e6..c2530f25ff 100644 --- a/docs/manage/ingestion-volume/ingest-budgets/daily-volume.md +++ b/docs/manage/ingestion-volume/ingest-budgets/daily-volume.md @@ -79,7 +79,7 @@ Use the **Ingest Budgets** page to manage your ingest budgets. [**Classic UI**](/docs/get-started/sumo-logic-ui-classic). To access the Ingest Budgets page, in the main Sumo Logic menu select **Manage Data > Collection > Ingest Budgets**. -![metadata ingest budgetspage.png](/img/manage/ingestion-volume/metadata-ingest-budgets-page.png) +Metadata ingest budgets page The page displays the following information: 
@@ -94,7 +94,7 @@ At the top of the page, you can click **+ Add Budget** to [create a new ingest For the ingest budgets listed, select a row to view its details. A details pane appears to the right of the table. -![v2 IB pane.png](/img/manage/ingestion-volume/ingest-budget-list.png) +Ingest budgets pane In the details pane you can do the following to the selected ingest budget: @@ -143,13 +143,13 @@ You can manually reset a budget at any time to set its capacity utilization tra #### Edit ingest budget 1. [**New UI**](/docs/get-started/sumo-logic-ui). In the main Sumo Logic menu select **Data Management**, and then under **Data Collection** select **Ingest Budget**. You can also click the **Go To...** menu at the top of the screen and select **Ingest Budget**.
[**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the main Sumo Logic menu, select **Manage Data > Collection > Ingest Budgets**. -1. In the table find the ingest budget you want to edit and click the edit icon ![pencil edit icon.png](/img/manage/ingestion-volume/pencil-edit-icon.png) on the right of the row or click the row and then click the edit icon in the details panel. +1. In the table find the ingest budget you want to edit and click the edit icon Pencil edit icon on the right of the row or click the row and then click the edit icon in the details panel. 1. Make your changes and click **Update**. #### Delete ingest budget 1. [**New UI**](/docs/get-started/sumo-logic-ui). In the main Sumo Logic menu select **Data Management**, and then under **Data Collection** select **Ingest Budget**. You can also click the **Go To...** menu at the top of the screen and select **Ingest Budget**.
[**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the main Sumo Logic menu, select **Manage Data > Collection > Ingest Budgets**. -1. In the table find the ingest budget you want to delete and click the delete icon ![delete trash icon.png](/img/manage/ingestion-volume/delete-trash-icon.png) on the right of the row or click the row and then click the delete icon in the details panel. +1. In the table find the ingest budget you want to delete and click the delete icon Delete trash icon on the right of the row or click the row and then click the delete icon in the details panel. 1. You will get a confirmation prompt, ensure that you are deleting the desired ingest budget and then click **Delete**. ### Budget assignment examples diff --git a/docs/manage/ingestion-volume/monitor-ingestion-receive-alerts.md b/docs/manage/ingestion-volume/monitor-ingestion-receive-alerts.md index d03897c566..668da0f8a0 100644 --- a/docs/manage/ingestion-volume/monitor-ingestion-receive-alerts.md +++ b/docs/manage/ingestion-volume/monitor-ingestion-receive-alerts.md @@ -81,7 +81,7 @@ After completing the setup, schedule the search to run:  1. Schedule Query you created in Setup. For details, see [Schedule a Search](../../alerts/scheduled-searches/schedule-search.md). 1. Set the **Run frequency** to **Daily**. -1. Enter **-32d** for the time range.
![time range monthly plan.png](/img/manage/ingestion-volume/daily-32d.png) +1. Enter **-32d** for the time range.
Time range monthly plan 1. Make sure Alert Condition is set to **Send Notification** if the **Alert Condition** is met: **Number of results** greater than **0.** @@ -102,7 +102,7 @@ You must update the indicated field for the search to be successfully saved. ``` The correct value is on the Account page. 1. [**New UI**](/docs/get-started/sumo-logic-ui). In the main Sumo Logic menu select **Administration**, and then under **Account** select **Account Overview**. You can also click the **Go To...** menu at the top of the screen and select **Account Overview**.
[**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the main Sumo Logic menu, select **Administration > Account > Account Overview**. -
For example, the daily plan size in the following figure is 100.
![Account](/img/manage/ingestion-volume/account-overview.png) +
For example, the daily plan size in the following figure is 100.
The daily plan size in this image is 100 #### Query @@ -126,7 +126,7 @@ After completing the setup steps above, schedule the search to run, as follows. 1. Schedule the query you created in the previous step (**Query**). For details, see [Schedule a Search](../../alerts/scheduled-searches/schedule-search.md). 1. Set the **Run frequency** to **Daily**. -1. Set time range value to **Last 24 Hours**.
![time range daily plan limit.png](/img/manage/ingestion-volume/daily-last-24.png) +1. Set time range value to **Last 24 Hours**.
Time range daily plan limit 1. Make sure Alert Condition is set to **Send Notification** if the **Alert Condition** is met: **Number of results** greater than **0.** ## Usage spike alert @@ -175,7 +175,7 @@ After completing the setup steps above, schedule the search to run, as follows. 1. Schedule the query you just created in Setup. For details, see [Schedule a Search](../../alerts/scheduled-searches/schedule-search.md). 1. Set the **Run frequency** to **Hourly**. -1. Enter **-65m -5m** for the time range.
![time range usage spike.png](/img/manage/ingestion-volume/hourly-65.png) +1. Enter **-65m -5m** for the time range.
Time range usage spike 1. Make sure Alert Condition is set to **Send Notification** if the **Alert Condition** is met: **Number of results** greater than **0.** @@ -229,7 +229,7 @@ After completing the setup steps, you'll need to create a monitor.  1. Create a monitor corresponding to the query you've created above ([learn more](/docs/alerts/monitors/create-monitor)). 1. Set the **Run frequency** to **Hourly**. -1. Set a time range. The default is **Last 24 hours**. If you need to allow for more time because some collectors do not typically ingest data that often, specify a longer time range. For example, seven days.
![Alert](/img/manage/ingestion-volume/AlertDataLoss.png) +1. Set a time range. The default is **Last 24 hours**. If you need to allow for more time because some collectors do not typically ingest data that often, specify a longer time range. For example, seven days.
Alert 1. Make sure Alert Condition is set to **Send Notification** if the **Alert Condition** is met: **Number of results** greater than **0**. 1. (Optional) You can test your new alert in one of the following ways. * Limit the results to monitor just two collectors by adding this extra line to the end of the query: @@ -266,5 +266,5 @@ After completing the setup steps above, schedule the search to run, as follows. 1. Schedule the query you just created in Setup. For details, see [Schedule a Search](../../alerts/scheduled-searches/schedule-search.md). 1. Set the **Run frequency** to **Every 15 Minutes**. -1. Set the time range to the **Last 15 Minutes**.
![time range throttling alert.png](/img/manage/ingestion-volume/time-throttling.png) +1. Set the time range to the **Last 15 Minutes**.
Time range throttling alert 1. Make sure Alert Condition is set to **Send Notification** if the **Alert Condition** is met: **Number of results** greater than **0**. diff --git a/docs/manage/manage-subscription/cloud-flex-legacy-accounts.md b/docs/manage/manage-subscription/cloud-flex-legacy-accounts.md index b6792f5671..326e69bc03 100644 --- a/docs/manage/manage-subscription/cloud-flex-legacy-accounts.md +++ b/docs/manage/manage-subscription/cloud-flex-legacy-accounts.md @@ -4,6 +4,8 @@ title: Cloud Flex Legacy Accounts description: Learn how to view information on Cloud Flex legacy accounts and intuitively monitor usage and manage account costs. --- +import useBaseUrl from '@docusaurus/useBaseUrl'; + :::note legacy account type We recommend transitioning to a our newer [Flex Plan](/docs/manage/manage-subscription/sumo-logic-flex-accounts/) for the newest features and enhanced functionality. ::: @@ -130,14 +132,18 @@ To view the Account page, do the following: 1. Log in to your account. 1. [**New UI**](/docs/get-started/sumo-logic-ui/). In the main Sumo Logic menu select **Administration**, and then under **Account** select **Account Overview**. You can also click the **Go To...** menu at the top of the screen and select **Account Overview**.
[**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the main Sumo Logic menu, select **Administration > Account > Account Overview**.
The Account Overview tab of the Account page is shown by default. + :::note You must have a role that grants you the [Account Overview capability](/docs/manage/users-roles/roles/role-capabilities/) to view the Account Overview tab. ::: -![CloudFlex-AccountPage.png](/img/manage/subscriptions/cloud-flex-account-page.png) + +Cloud Flex account page + :::note If you are your Sumo Logic account owner, your Account page also displays a **Manage Organization** section. For information on these options, see [Manage Organization](/docs/manage/manage-subscription/create-and-manage-orgs/manage-org-settings). ::: -![manage-org-links.png](/img/manage/subscriptions/manage-org-links.png) + +Manage org links ## Monitoring account usage @@ -165,9 +171,9 @@ The following visual indicators apply: To switch between views and time interval displays, do the following: 1. Sign in to Sumo Logic. -1. [**New UI**](/docs/get-started/sumo-logic-ui/). In the main Sumo Logic menu select **Administration**, and then under **Account** select **Account Overview**. You can also click the **Go To...** menu at the top of the screen and select **Account Overview**.
[**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the main Sumo Logic menu, select **Administration > Account > Account Overview**.
The Account page appears with the Account Overview tab shown by default. The top panel shows account details and the bottom panel displays usage analytics.
![CloudFlex-AccountPage.png](/img/manage/subscriptions/pqs.png) +1. [**New UI**](/docs/get-started/sumo-logic-ui/). In the main Sumo Logic menu select **Administration**, and then under **Account** select **Account Overview**. You can also click the **Go To...** menu at the top of the screen and select **Account Overview**.
[**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the main Sumo Logic menu, select **Administration > Account > Account Overview**.
The Account page appears with the Account Overview tab shown by default. The top panel shows account details and the bottom panel displays usage analytics.
Cloud Flex account page 1. To change the type of analytics you are viewing, in the **Usage (Daily Capacity)** panel click the arrow next to the view name and select the analytics type from the dropdown list. The display data changes accordingly. Repeat as needed to monitor all the areas of your account usage. -1. To view data from a different billing period, click the arrow next the the **Billing period** and choose another period from the dropdown list.
![CloudFlex_Usage_BillingPeriod_menu.png](/img/manage/subscriptions/uage-billing-period.png) +1. To view data from a different billing period, click the arrow next the the **Billing period** and choose another period from the dropdown list.
Cloud Flex usage billing period menu
The data display changes accordingly.  ### Drilling into usage data  @@ -176,21 +182,11 @@ You can easily drill into usage graph data for a more granular view, with the a To drill into usage data, do the following: -1. In the Usage panel, drag your cursor over the graph intervals you want to analyze in greater detail. As you drag your cursor, the bars on the chart will be highlighted. - - ![CloudFlex_Drilldown_select.png](/img/manage/subscriptions/zoom-selection.png) - - When you release the cursor, the display changes accordingly. - - ![CloudFlex_Drilldown_select-results.png](/img/manage/subscriptions/zoomed-in.png) - -1. To scroll through the data, click the Zoom icon to toggle On the Pan feature, then select the background and drag your cursor to the left and right. - - ![CloudFlex_Drilldown_scroll.png](/img/manage/subscriptions/pan-feature.png) +1. In the Usage panel, drag your cursor over the graph intervals you want to analyze in greater detail. As you drag your cursor, the bars on the chart will be highlighted.
Cloud Flex drilldown select + When you release the cursor, the display changes accordingly.
Cloud Flex drilldown select results +1. To scroll through the data, click the Zoom icon to toggle On the Pan feature, then select the background and drag your cursor to the left and right.
Cloud Flex drilldown scroll 1. To drill down further, repeat step 1 and 2 as needed. -1. To return to the original data display, click the Reset icon. - - ![CloudFlex_Drilldown_reset.png](/img/manage/subscriptions/reset-icon.png) +1. To return to the original data display, click the Reset icon.
Cloud Flex drilldown reset The display changes accordingly. diff --git a/docs/manage/manage-subscription/upgrade-account/upgrade-cloud-flex-legacy-account.md b/docs/manage/manage-subscription/upgrade-account/upgrade-cloud-flex-legacy-account.md index fd1d63466a..98a6191a48 100644 --- a/docs/manage/manage-subscription/upgrade-account/upgrade-cloud-flex-legacy-account.md +++ b/docs/manage/manage-subscription/upgrade-account/upgrade-cloud-flex-legacy-account.md @@ -4,6 +4,8 @@ title: Upgrade a Cloud Flex Account (Legacy) description: Learn how to upgrade Cloud Flex (Legacy) account. --- +import useBaseUrl from '@docusaurus/useBaseUrl'; + :::note legacy account type We recommend transitioning to a our newer [Flex Plan](/docs/manage/manage-subscription/sumo-logic-flex-accounts/) for the newest features and enhanced functionality. ::: @@ -30,7 +32,7 @@ It depends on your current account type: ## Upgrade an account -1. [**New UI**](/docs/get-started/sumo-logic-ui/). In the main Sumo Logic menu select **Administration**, and then under **Account** select **Manage Plan**. You can also click the **Go To...** menu at the top of the screen and select **Manage Plan**.
[**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the main Sumo Logic menu, select **Administration > Account > Manage Plan**.
![manage-plan-cloudflex.png](/img/manage/subscriptions/manage-plan-cloudflex.png) +1. [**New UI**](/docs/get-started/sumo-logic-ui/). In the main Sumo Logic menu select **Administration**, and then under **Account** select **Manage Plan**. You can also click the **Go To...** menu at the top of the screen and select **Manage Plan**.
[**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the main Sumo Logic menu, select **Administration > Account > Manage Plan**.
Manage plan Cloud Flex 1. The left side of the page displays your current account type. 1. **Choose a New Plan**. Click the radio button next to **Professional** or **Enterprise**. If you just want to increase product variable levels for your current account type, do not select a new plan type. 1. **Select New Log and Metric Data Volume**. As you change the values, the upgrade cost shown to the right will adjust. @@ -39,8 +41,8 @@ It depends on your current account type: 1. **Billing Frequency.** Click the radio button next to **Annually** or **Monthly**.  1. Click **Upgrade**. 1. The page refreshes to display the **Payment Method** step.If you've previously upgraded you may choose to use the existing payment method and click **Next**. -1. To add a new payment method, click **Use a New Credit Card**, enter the credit card information you'd like Sumo Logic to bill, and click **Submit**. 
![step-2-cloudflex.png](/img/manage/subscriptions/step-2-cloudflex.png) -1. The page refreshes to show the **Confirm Upgrade** step.
![order-summary.png](/img/manage/subscriptions/order-summary.png) +1. To add a new payment method, click **Use a New Credit Card**, enter the credit card information you'd like Sumo Logic to bill, and click **Submit**. 
New credit card information +1. The page refreshes to show the **Confirm Upgrade** step.
Order summary 1. Read the Service Level Agreements, then click **I have read and agree to the Service Level Agreements** to continue. 1. Click **Confirm** to complete the upgrade. After you click **Confirm**, the credit card you provided to Sumo Logic is charged. 1. The upgrade is processed, then a **Congratulations** screen appears. Click **Finish**. diff --git a/docs/manage/partitions/data-tiers/faq.md b/docs/manage/partitions/data-tiers/faq.md index 60ae6f6ceb..b3ae3bffef 100644 --- a/docs/manage/partitions/data-tiers/faq.md +++ b/docs/manage/partitions/data-tiers/faq.md @@ -61,15 +61,15 @@ The table below shows how many credits would be consumed for the same query over Your **Account Overview** page shows the credits your org has consumed for Infrequent searches.  -![infrequent-usage.png](/img/manage/partitions-data-tiers/infrequent-usage.png) +Infrequent usage In addition, when you enter an Infrequent query in a [Log Search](/docs/search), before you run it, you'll see an estimate of the amount of data that will be scanned for that query.  -![estimated-scan.png](/img/manage/partitions-data-tiers/estimated-scan.png) +Estimated scan -After you run an Infrequent query, you can see the volume of data that was actually scanned.   +After you run an Infrequent query, you can see the volume of data that was actually scanned. -![total-scan.png](/img/manage/partitions-data-tiers/total-scan.png) +Total scan ## How do I create partitions to reroute data to a different tier later?  diff --git a/docs/manage/partitions/data-tiers/index.md b/docs/manage/partitions/data-tiers/index.md index 07d5f12117..e296f319aa 100644 --- a/docs/manage/partitions/data-tiers/index.md +++ b/docs/manage/partitions/data-tiers/index.md 
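Review bot: In docs/manage/manage-subscription/cloud-flex-legacy-accounts.md, the re-added billing-period step still reads "click the arrow next the the **Billing period**". The line is being rewritten in this hunk anyway, so change it to "next to the **Billing period**". In upgrade-cloud-flex-legacy-account.md, the context line "**Payment Method** step.If you've previously upgraded" is missing a space after the period and could be fixed in the same pass.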
@@ -84,7 +84,7 @@ For information about searching data tiers, see [Searching Data Tiers](searchin This section describes the most common error messages for Data Tiers. -* If you try to add a panel to a dashboard that uses data from the Frequent or Infrequent Tiers, you'll receive the following error message, because you can only use data from the Continuous Tier in a dashboard: `This query is not supported in Dashboards/Scheduled Searches because it is not in the Continuous Analytics tier. Please modify query and try again.`
![create-panel.png](/img/manage/partitions-data-tiers/no-dashboard-support.png)   +* If you try to add a panel to a dashboard that uses data from the Frequent or Infrequent Tiers, you'll receive the following error message, because you can only use data from the Continuous Tier in a dashboard: `This query is not supported in Dashboards/Scheduled Searches because it is not in the Continuous Analytics tier. Please modify query and try again.`
Create panel> * If you try to specify the scope of a Scheduled View or a Scheduled Search using a partition in the Frequent or Infrequent Data tiers, you'll receive this error message: `This query is not supported in Dashboards/Scheduled Searches because it is not in the Continuous Analytics tier. Please modify query and try again.` ## Guides diff --git a/docs/manage/scheduled-views/scheduled-views-best-practices.md b/docs/manage/scheduled-views/scheduled-views-best-practices.md index 2ecda53112..efecbeab8b 100644 --- a/docs/manage/scheduled-views/scheduled-views-best-practices.md +++ b/docs/manage/scheduled-views/scheduled-views-best-practices.md @@ -4,6 +4,8 @@ title: Scheduled Views Best Practices and Examples description: A Scheduled View is a query that runs on a schedule. This topic has some tips for setting up Scheduled View queries. --- +import useBaseUrl from '@docusaurus/useBaseUrl'; + A Scheduled View reduces aggregate data down to the bare minimum, so they contain only the results that you need to generate your data. Queries that run against Scheduled Views return search results much faster because the data is pre-aggregated before the query is run. Scheduled Views process queries once per minute. These items are required in Scheduled View queries: @@ -202,7 +204,7 @@ _sourceCategory=prod/web/iis | timeslice 1m | count by _timeslice which would produce results like: -![lightweight](/img/scheduled-views/scheduled_view_lightweight.png) +Lightweight Scheduled View query Compared to this Scheduled View query, which is more robust, but five times heavier with one additional column: @@ -212,7 +214,7 @@ _sourceCategory=prod/web/iis | timeslice 1m | count by _timeslice, status_code This would produce results like: -![robust](/img/scheduled-views/scheduled_view_robust.png) +Robus Scheduled View query Now you can use **sum** on your records, because the counts are broken out. For example, use the sum operator to aggregate the aggregation in the following query: 
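Review bot: The new alt text in the last hunk of scheduled-views-best-practices.md is misspelled: "Robus Scheduled View query" should be "Robust Scheduled View query". In the data-tiers/index.md hunk above it, the added image is followed by a stray ">" ("Create panel>"). Please check the added tag so that character does not render on the page.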
diff --git a/docs/manage/security/installation-tokens.md b/docs/manage/security/installation-tokens.md index 423e65959f..10f79d0098 100644 --- a/docs/manage/security/installation-tokens.md +++ b/docs/manage/security/installation-tokens.md @@ -44,7 +44,7 @@ Managing Installation Tokens requires the **Manage Tokens** role capability. The Installation Tokens page displays the following information:  -* **Status** shows a green checkmark ![Green checkmark.png](/img/security/installation-tokens/green-checkmark.png) to indicate if the Installation Token is active and available for use or an exclamation mark in a red circle ![Red circle with a white exclamation mark.png](/img/security/installation-tokens/red-circle-white-exclamation.png) to indicate if the Installation Token is deactivated and not available for use. +* **Status** shows a green checkmark Green checkmark to indicate if the Installation Token is active and available for use or an exclamation mark in a red circle Red circle with a white exclamation mark to indicate if the Installation Token is deactivated and not available for use. * **Token Name** is the name of the Installation Token, these must be unique. * **Description** shows the optional description of the Installation Token. diff --git a/docs/security/additional-security-features/cloud-infrastructure-security/cloud-infrastructure-security-for-aws.md b/docs/security/additional-security-features/cloud-infrastructure-security/cloud-infrastructure-security-for-aws.md index a3055696b9..a6d12dd153 100644 --- a/docs/security/additional-security-features/cloud-infrastructure-security/cloud-infrastructure-security-for-aws.md +++ b/docs/security/additional-security-features/cloud-infrastructure-security/cloud-infrastructure-security-for-aws.md 
@@ -310,7 +310,7 @@ If you selected **Create New Source** for any source on the [**Configure Sources 1. Click **Create Stack.** 1. Verify that the AWS CloudFormation template has executed successfully in a `CREATE_COMPLETE` status. * This indicates that you have all the right permissions on both the Sumo Logic and the AWS side to proceed with the installation of the solution.  - * All the resources (Sumo Logic and AWS) created by template are also deleted.
![Testing_sumo_Permission_2.png](/img/observability/Testing_sumo_Permission_2.png) + * All the resources (Sumo Logic and AWS) created by template are also deleted.
Testing Sumo Logic permissions 1. If the AWS CloudFormation template has not executed successfully, identify and fix any permission errors until the stack completes with a `CREATE_COMPLETE` status.  1. Once the AWS CloudFormation stack has executed successfully, delete the AWS CloudFormation Stack. From d123904a7fee55b990494b87ce07cfef36f68d37 Mon Sep 17 00:00:00 2001 From: John Pipkin Date: Thu, 6 Nov 2025 16:22:39 -0600 Subject: [PATCH 2/5] Fix spelling error --- docs/manage/health-events.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/manage/health-events.md b/docs/manage/health-events.md index b01074c9aa..c9fc2708ec 100644 --- a/docs/manage/health-events.md +++ b/docs/manage/health-events.md @@ -42,7 +42,7 @@ On the health events table, you can search, filter, and sort incidents by ke [**Classic UI**](/docs/get-started/sumo-logic-ui-classic). To access the health events table, in the main Sumo Logic menu select **Manage Data > Monitoring > Health Events**. -Health events tabl +Health events table Click on a row to view the details of a health event. From e09623d51532b83bf98d59cfef111aaf38f30575 Mon Sep 17 00:00:00 2001 From: John Pipkin Date: Thu, 6 Nov 2025 16:57:55 -0600 Subject: [PATCH 3/5] Start alerts --- docs/alerts/monitors/alert-response-faq.md | 4 +++- docs/alerts/monitors/alert-response.md | 18 +++++++++--------- docs/alerts/monitors/create-monitor.md | 2 +- docs/alerts/monitors/monitor-faq.md | 5 +++-- 4 files changed, 16 insertions(+), 13 deletions(-) diff --git a/docs/alerts/monitors/alert-response-faq.md b/docs/alerts/monitors/alert-response-faq.md index 6e8826bf7a..236789e215 100644 --- a/docs/alerts/monitors/alert-response-faq.md +++ b/docs/alerts/monitors/alert-response-faq.md 
@@ -4,6 +4,8 @@ title: Alert Response FAQ description: Our commonly asked questions about alert response are documented for your reference. --- +import useBaseUrl from '@docusaurus/useBaseUrl'; + ## Is alert response available in all Sumo Logic packages?  Overall, yes. Alert response is available in all the Sumo Logic packages. However, there are specific features within alert response that only work on specific packages. See the table below for details.  @@ -41,7 +43,7 @@ For example, in Slack, you can add the following section to the **Alert Payload* }, ``` -![alertResponseURLExample.png](/img/alerts/monitors/alertResponseURLExample.png) +Alert response URL example Learn more about [Alert Variables](/docs/alerts/monitors/alert-variables). diff --git a/docs/alerts/monitors/alert-response.md b/docs/alerts/monitors/alert-response.md index a0b6b60ecb..fcac688944 100644 --- a/docs/alerts/monitors/alert-response.md +++ b/docs/alerts/monitors/alert-response.md @@ -37,7 +37,7 @@ Learn how to use alert response. ## Setting up alert response -Email alerts automatically get a button labeled **View Alert** that opens the alert on the alert page, shown in the below image.
![view alert from email.png](/img/alerts/monitors/view-alert-from-email.png) +Email alerts automatically get a button labeled **View Alert** that opens the alert on the alert page, shown in the below image.
View alert from email If you use [Webhook connections](/docs/alerts/webhook-connections) offered by Sumo Logic for receiving notifications, you'll need to provide the [`alertResponseUrl` variable](/docs/alerts/monitors/alert-variables) in your notification payload of a monitor to receive a link that opens alert response. When your monitor is triggered, it will generate a URL and provide it in the alert notification payload, which you can use to open the alert response. @@ -72,7 +72,7 @@ To get to your Alert List: * From the [**New UI**](/docs/get-started/sumo-logic-ui/), select **Alerts**. * From the [**Classic UI**](/docs/get-started/sumo-logic-ui-classic), click the bell icon in the top menu. -To search alerts, use the search bar and filters.
![search alert list.png](/img/alerts/monitors/search-alert-list.png) +To search alerts, use the search bar and filters.
Search alert list To sort by category (for example, **Name**, **Severity**, **Status**), click on a column header. @@ -115,7 +115,7 @@ To view detailed information about an alert, go to your [Alert List](#alert-list * A history of previous occurrences of the alert. * Key details such as the trigger time and the condition that caused the alert. -The following images and lists describe alert element on the page.
![top of the alert response page.png](/img/alerts/monitors/top-alert-response-page.png) +The following images and lists describe alert element on the page.
Top of the alert response page * **A**. Monitor name. * **B**. Copies the link to the opened alert page. @@ -130,11 +130,11 @@ The following images and lists describe alert element on the page.
![top of :::note Sumo Logic automatically resolves alerts when the monitor's recovery condition is met. This behavior cannot be modified or disabled. While you could configure a recovery condition that prevents Sumo Logic from resolving a monitor, this is not recommended, as it may suppress unrelated alerts from being triggered. ::: - ![alert page sep 23.png](/img/alerts/monitors/alert-page.png) + Resolves the alert * **K**. The red exclamation mark indicates the alert is still active and a white exclamation in the gray circle indicates it's resolved.
labels * **Related Alerts**. A panel with related alerts and the monitor History. It shows other alerts in the system that were triggered around the same time as this alert. This information is helpful to know what issues are happening in the system and whether the current problem is an isolated issue or a more systemic one. There are two types of relations that a related alert can have.
related alerts * **Time**. Shows all the alerts that were triggered 30 minutes before or after the given alert that doesn't have another association. - * **Entity**. Shows all the alerts that were triggered one hour before and after the given alert that happened on the same entity (node, pod, cluster, etc.). You can click the expand arrow ![expand arrow.png](/img/alerts/monitors/expand-arrow.png) to view the alert's trigger condition and the white arrow in the square ![open in new tab icon.png](/img/alerts/monitors/open-new-tab.png) to open the alert in its own alert page. + * **Entity**. Shows all the alerts that were triggered one hour before and after the given alert that happened on the same entity (node, pod, cluster, etc.). You can click the expand arrow Expand arrow to view the alert's trigger condition and the white arrow in the square Open in new tab icon to open the alert in its own alert page. * **Monitor History**. Shows the past 30 days of similar alerts that were triggered by the monitor (that generated the current alert). Monitor History can be helpful to determine how frequently an alert has fired in the past and if the alert is flaky. You can then quickly correlate whether the current problem is similar to a past one by comparing the information shared for the alert. * **L**. The query of the monitor.
labels * **M**. A chart that visualizes the trend of the metric that was tracked as part of the alert condition of the monitor. The visualization tracks the *before* and *during* trends of the metric. @@ -191,7 +191,7 @@ The **Log Fluctuations** context card, available for logs monitors, detects diff This card detects time series anomalies for entities related to the alert. -Anomalies are grouped into [golden signals](https://sre.google/sre-book/monitoring-distributed-systems/). Anomalies are also presented on a timeline; the length of the anomaly represents its duration.
![anomalies .png](/img/alerts/monitors/anomalies.png) +Anomalies are grouped into [golden signals](https://sre.google/sre-book/monitoring-distributed-systems/). Anomalies are also presented on a timeline; the length of the anomaly represents its duration.
Anomalies * **A**. Name and description of the context card. * **B**. Count of anomalies belonging to each golden signal type. @@ -202,15 +202,15 @@ Anomalies are grouped into [golden signals](https://sre.google/sre-book/monitor Only anomalies with a start time around 30 minutes before or after the alert was created show up in the card. ::: -Hover over an EOI to view key information about the event.
![eoi-stats.png](/img/alerts/monitors/eoi-stats.png) +Hover over an EOI to view key information about the event.
EOI stats -Click on the EOI to open the **Summary View** and **Entity Inspector**.
![entity inspector.png](/img/alerts/monitors/entity-inspector.png) +Click on the EOI to open the **Summary View** and **Entity Inspector**.
Entity inspector ### Benchmark Benchmarks refer to baselines computed from anonymized and aggregated telemetry data from Sumo Logic customers in domains such as AWS. If the telemetry values for your entity during an alert period are unusual compared to benchmarks, you may have an unusual configuration change or other backend issues.  -For example, the card below shows that `ServiceUnavailable` error is happening 32 times more often in your AWS account compared with other Sumo Logic customer’s accounts. This AWS error pertains to AWS API calls that are failing at a higher rate than what is expected based on cross-customer baselines. This particular error implies an AWS incident affecting the particular AWS resource type and API. 
![benchmark card.png](/img/alerts/monitors/benchmark.png) +For example, the card below shows that `ServiceUnavailable` error is happening 32 times more often in your AWS account compared with other Sumo Logic customer’s accounts. This AWS error pertains to AWS API calls that are failing at a higher rate than what is expected based on cross-customer baselines. This particular error implies an AWS incident affecting the particular AWS resource type and API. 
Benchmark card * **A**. Name and description of the context card. * **B**. Count of unusual Benchmarks by golden signal type. diff --git a/docs/alerts/monitors/create-monitor.md b/docs/alerts/monitors/create-monitor.md index f4ece04179..91b2779459 100644 --- a/docs/alerts/monitors/create-monitor.md +++ b/docs/alerts/monitors/create-monitor.md @@ -318,7 +318,7 @@ For example, when an alert is set to `greater than 10`, the recovery would be | `` | How you want the value compared. Select greater than, greater than or equal, less than or equal, or less than. | | `` | The value against which the resolution will be evaluated. You can specify any valid numeric value. | -The Alert and recovery setting affects both the alert generation logic and the alert recovery logic. `Alert and recovery require a minimum of data points for "at all times" evaluation windows`. This setting only works when you choose `at all times within` as the type of occurrence for the alert.
![metrics alert datapoints.png](/img/alerts/monitors/minimum-datapoints.png) +The Alert and recovery setting affects both the alert generation logic and the alert recovery logic. `Alert and recovery require a minimum of data points for "at all times" evaluation windows`. This setting only works when you choose `at all times within` as the type of occurrence for the alert.
Metrics alert datapoints | Parameter | Description | |:--|:--| diff --git a/docs/alerts/monitors/monitor-faq.md b/docs/alerts/monitors/monitor-faq.md index c32ed729ed..d2b84d951d 100644 --- a/docs/alerts/monitors/monitor-faq.md +++ b/docs/alerts/monitors/monitor-faq.md @@ -4,6 +4,7 @@ title: Monitors FAQ description: Frequently asked questions about Sumo Logic monitors. --- +import useBaseUrl from '@docusaurus/useBaseUrl'; import AlertsTimeslice from '../../reuse/alerts-timeslice.md'; ## How can I optimize scan costs for monitors when using Flex Pricing? @@ -85,9 +86,9 @@ The [Test Connection feature for webhooks](/docs/alerts/webhook-connections/se ## One of our monitors suddenly stopped sending notifications, even though I see it on the monitors page -One reason could be that the user who created the monitor was deleted. You can check the **Created By** value on the monitors page. If it has ``, you will need to re-create the monitor.
![user unknown monitors.png](/img/alerts/monitors/user-unknown-monitors.png) +One reason could be that the user who created the monitor was deleted. You can check the **Created By** value on the monitors page. If it has ``, you will need to re-create the monitor.
User unknown monitors -You can quickly **Duplicate** the monitor by hovering over it on the monitors page and clicking the three-dot kebab icon:
![more actions menu for monitors.png](/img/alerts/monitors/more-actions-menu-for-monitors.png) +You can quickly **Duplicate** the monitor by hovering over it on the monitors page and clicking the three-dot kebab icon:
More actions menu for monitors then selecting **Duplicate**. If your monitor still doesn't work, we recommend contacting [Sumo Logic support](https://support.sumologic.com/).  From e78c91cf1b969cfa86e2dc4dfb026deb9ec95bad Mon Sep 17 00:00:00 2001 From: John Pipkin Date: Fri, 7 Nov 2025 11:22:59 -0600 Subject: [PATCH 4/5] Finish alerts --- .../alerts/scheduled-searches/create-email-alert.md | 4 +--- docs/alerts/scheduled-searches/edit-cancel.md | 8 +++++--- docs/alerts/scheduled-searches/faq.md | 12 +++++++----- docs/alerts/scheduled-searches/save-to-index.md | 4 +++- docs/alerts/webhook-connections/jira-cloud.md | 4 ++-- docs/alerts/webhook-connections/jira-server.md | 4 ++-- .../alerts/webhook-connections/jira-service-desk.md | 4 ++-- docs/alerts/webhook-connections/microsoft-teams.md | 2 +- docs/alerts/webhook-connections/opsgenie-legacy.md | 2 +- docs/alerts/webhook-connections/opsgenie.md | 4 ++-- docs/alerts/webhook-connections/pagerduty.md | 8 ++------ .../schedule-searches-webhook-connections.md | 6 ++++-- .../servicenow/set-up-connections.md | 5 +++-- .../servicenow/set-up-searches.md | 13 +++---------- .../servicenow/set-up-security-incident-webhook.md | 4 +++- .../set-up-webhook-connections.md | 2 +- 16 files changed, 42 insertions(+), 44 deletions(-) diff --git a/docs/alerts/scheduled-searches/create-email-alert.md b/docs/alerts/scheduled-searches/create-email-alert.md index 806dedd5d0..6c961ce270 100644 --- a/docs/alerts/scheduled-searches/create-email-alert.md +++ b/docs/alerts/scheduled-searches/create-email-alert.md 
@@ -74,8 +74,6 @@ Do either of the following: * To make changes to the search query before you run it again, click the saved search title link, next to **Saved Search**. This will open the query in the Sumo Logic search page.  * To see all the results of the search, under **Message Distribution**, click the **View results in Sumo Logic** link in the email. Or under **Aggregation**, click "**here**". Sumo Logic will recreate the search exactly matching the query and time parameters of the original scheduled search. -![Search from email](/img/alerts/search_from_email_new.png) - :::note If you're a new user and someone has forwarded you an alert email, the links to the search will not work until you've completed your setup process. ::: @@ -104,7 +102,7 @@ The Scheduled Search Email Alert template includes the following details: * **Aggregation.** Displays the first 25 messages of the search results, and includes the complete number of results. Click "**here**" in the email to view the full results in Sumo Logic.  * **Results as CSV attachment.** If you have selected to receive your scheduled search results as a CSV file, it will be attached to the email. The maximum CSV file size allowed is 5MB or 1,000 results.  -![Search from email](/img/alerts/search_from_email_new.png) +Search from email :::note Rarely, there may be circumstances that prevent the histogram from loading fast enough to be included with the email before it is sent. In that case, you will receive an email with all pertinent information, just without the graph. diff --git a/docs/alerts/scheduled-searches/edit-cancel.md b/docs/alerts/scheduled-searches/edit-cancel.md index ede6414bfd..783081872c 100644 --- a/docs/alerts/scheduled-searches/edit-cancel.md +++ b/docs/alerts/scheduled-searches/edit-cancel.md 
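Review bot: The first create-email-alert.md hunk (@@ -74,8 +74,6 @@) deletes the "Search from email" image outright instead of converting it, while the second hunk keeps the same search_from_email_new.png image under the template details. If dropping the duplicate is intended, say so in the commit message, since "Finish alerts" does not mention removals. Otherwise convert it like the other images.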
@@ -5,6 +5,8 @@ sidebar_label: Edit or Cancel a Scheduled Search description: You can edit or cancel a Scheduled Search at any time. --- +import useBaseUrl from '@docusaurus/useBaseUrl'; + You can edit or cancel a Scheduled Search at any time from your [Library](/docs/get-started/library). If you cancel a scheduled search, it will revert to a saved search. :::important @@ -14,8 +16,8 @@ If the user who "owns" a Scheduled Search is removed from your org, the Schedule ## Cancel a Scheduled Search 1. Go to your **Library** and find the scheduled search you want to cancel. For information about finding an item in the Library, see [Search the Library](/docs/get-started/library#search-the-library).  -1. Click the more options menu to the right of the scheduled search and select **Edit**.
![Library scheduled search edit](/img/alerts/list-of-sched-searches.png) -1. In the **Edit Search** dialog, click **Edit this search's schedule**.
![edit search](/img/alerts/edit-search.png) +1. Click the more options menu to the right of the scheduled search and select **Edit**.
Library scheduled search edit +1. In the **Edit Search** dialog, click **Edit this search's schedule**.
Edit search 1. From the **Run Frequency** menu, choose **Never** to cancel the scheduled search. 1. Click **Update**. @@ -48,4 +50,4 @@ You have two options to resolve the issue: If you don’t have the **Change Data Access Level** capability, your Sumo Logic administrator will need to update your role to include it. ::: -![edit search](/img/alerts/cannot-edit-scheduled-search.png) +Edit search diff --git a/docs/alerts/scheduled-searches/faq.md b/docs/alerts/scheduled-searches/faq.md index c34d9a955e..2017087ee9 100644 --- a/docs/alerts/scheduled-searches/faq.md +++ b/docs/alerts/scheduled-searches/faq.md @@ -5,6 +5,8 @@ sidebar_label: FAQ description: You can edit or cancel a Scheduled Search at any time. --- +import useBaseUrl from '@docusaurus/useBaseUrl'; + The following topics include frequently asked questions about scheduled searches and provide troubleshooting tips.  @@ -51,7 +53,7 @@ To create a Scheduled Search: | fields collector, gbytes, collector_pct_of_todaysvolume, todays_volume, plan_size, todaysvolume_against_plan ``` 1. For the search **Time Range**, select **Today**. -1. Click **Save As**.
![DataUsageBreached.png](/img/alerts/DataUsageBreached.png) +1. Click **Save As**.
Data usage breached 1. In the **Save Search As** dialog, enter a name for this Scheduled Search, such as **90% Data Usage Limit Reached**. 1. Set the **Run frequency** to **Every 4 hours**. 1. Click **Schedule this search**.  @@ -160,21 +162,21 @@ A maximum of 6000 Scheduled Searches are allowed per account. The following is an example of a temporary suspension email: -![suspension email.png](/img/alerts/suspension-email.png) +Suspension email The [Audit Index](/docs/manage/security/audit-indexes/audit-index) stores events on your scheduled search events. The following is an example of a temporary suspension log: -![temp sus.png](/img/alerts/temp-sus.png) +Temporary suspension #### Permanent suspension The following is an example of a permanent suspension email: -![permanent sus.png](/img/alerts/permanentsus.png) +Permanent suspension The [Audit Index](/docs/manage/security/audit-indexes/audit-index) stores events on your scheduled search events. The following is an example of a permanent suspension log: -![perm sus.png](/img/alerts/perm-sus.png) +Permanent suspension #### How long will the Scheduled Search be suspended?   diff --git a/docs/alerts/scheduled-searches/save-to-index.md b/docs/alerts/scheduled-searches/save-to-index.md index 03646fb48a..a9756b6855 100644 --- a/docs/alerts/scheduled-searches/save-to-index.md +++ b/docs/alerts/scheduled-searches/save-to-index.md 
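Review bot: Several of the new alt texts in edit-cancel.md and faq.md are identical for different images, so they no longer say what each image shows. In faq.md, "Permanent suspension" is used for both the suspension email (permanentsus.png) and the audit log entry (perm-sus.png), and "Temporary suspension" does not say it is the log view. In edit-cancel.md, "Edit search" is reused for cannot-edit-scheduled-search.png. Suggest distinct text such as "Permanent suspension email" and "Permanent suspension audit log", and an alt for the cannot-edit image that names the error state.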
@@ -5,6 +5,8 @@ sidebar_label: Save to Index description: When you save the results of a scheduled search to an Index you can search your data using _index=index_name with increased search performance. --- +import useBaseUrl from '@docusaurus/useBaseUrl'; + When you create a Scheduled Search, you can save the results to an Index. This way, your data can be searched at a later time using `_index=index_name` with increased search performance. For example, you could use the following query to find successful logins on a Linux system, then save the results to an Index using the **Save to Index** alert type for your Scheduled Search. @@ -35,7 +37,7 @@ In most cases, if you can use a [Scheduled View](/docs/manage/scheduled-views) ## Save the results of a scheduled search as an Index 1. [Save a search](/docs/search/get-started-with-search/search-basics/save-search).  -1. Click **Schedule this search**.
![SaveToIndex.png](/img/alerts/SaveToIndex.png) +1. Click **Schedule this search**.
Save to index 1. For all configuration options, see [Schedule a Search](schedule-search.md).  1. **Alert Type**. Select **Save to Index**. 1. **Index Name**. Enter a name that you'll use to search the data in a query. Use a name that's descriptive and easy to remember. Names can be comprised of alphanumeric characters; underscores (`_`) are the only special characters allowed. diff --git a/docs/alerts/webhook-connections/jira-cloud.md b/docs/alerts/webhook-connections/jira-cloud.md index 5bbf05a2cd..22431f5370 100644 --- a/docs/alerts/webhook-connections/jira-cloud.md +++ b/docs/alerts/webhook-connections/jira-cloud.md @@ -22,7 +22,7 @@ To send webhook alerts to Jira Cloud you need to include a Basic Authentication ```bash curl -v https://mysite.atlassian.net --user : ```   -1. Your response should look like the following image. You'll need the **Authorization** value when configuring the connection in Sumo Logic.
![Atlassian Basic Authentication.png](/img/connection-and-integration/Atlassian-Basic-Authentication.png) +1. Your response should look like the following image. You'll need the **Authorization** value when configuring the connection in Sumo Logic.
Atlassian Basic Authentication ## Configuration in Sumo Logic @@ -39,7 +39,7 @@ You need the **Manage connections** [role capability](/docs/manage/users-roles 1. [**New UI**](/docs/get-started/sumo-logic-ui). In the main Sumo Logic menu select **Monitoring > Connections**. You can also click the **Go To...** menu at the top of the screen and select **Connections**.
[**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the main Sumo Logic menu, select **Manage Data > Monitoring > Connections**. 1. On the **Connections** page click the **+** icon at the top-right of the table. -1. Select the **Jira** option. In the **Create Jira Connection** dialog, fill out connection information.
![Jira webhook button.png](/img/connection-and-integration/Jira-webhook-button.png) +1. Select the **Jira** option. In the **Create Jira Connection** dialog, fill out connection information.
Jira webhook button 1. Enter a **Name** for the Connection. 1. (Optional) Enter a **Description** for the Connection. 1. Enter a **URL** from the Jira REST API to create issues. For example, to create an issue: diff --git a/docs/alerts/webhook-connections/jira-server.md b/docs/alerts/webhook-connections/jira-server.md index 4483ee6122..9e368c2078 100644 --- a/docs/alerts/webhook-connections/jira-server.md +++ b/docs/alerts/webhook-connections/jira-server.md @@ -22,7 +22,7 @@ To send webhook alerts to Jira Server, you need to include a Basic Authenticatio ```bash curl -v https://mysite.atlassian.net --user : ``` -1. Your response should look like the following image. You'll need the **Authorization** value when configuring the connection in Sumo Logic.
![Atlassian Basic Authentication.png](/img/connection-and-integration/Atlassian-Basic-Authentication.png) +1. Your response should look like the following image. You'll need the **Authorization** value when configuring the connection in Sumo Logic.
Atlassian basic authentication ## Configuration in Sumo Logic @@ -37,7 +37,7 @@ You need the **Manage connections** [role capability](/docs/manage/users-roles/ 1. [**New UI**](/docs/get-started/sumo-logic-ui). In the main Sumo Logic menu select **Monitoring > Connections**. You can also click the **Go To...** menu at the top of the screen and select **Connections**.
[**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the main Sumo Logic menu, select **Manage Data > Monitoring > Connections**. 1. On the **Connections** page click the **+** icon at the top-right of the table. -1. Select the **Jira** option. In the **Create Jira Connection** dialog, fill out connection information.
![Jira webhook button.png](/img/connection-and-integration/Jira-webhook-button.png) +1. Select the **Jira** option. In the **Create Jira Connection** dialog, fill out connection information.
Jira webhook button 1. Enter a **Name** for the Connection. 1. (Optional) Enter a **Description** for the Connection. 1. Enter a **URL** from the Jira REST API to create issues. For example, to create an issue: diff --git a/docs/alerts/webhook-connections/jira-service-desk.md b/docs/alerts/webhook-connections/jira-service-desk.md index fb275d3f48..adb9f6173c 100644 --- a/docs/alerts/webhook-connections/jira-service-desk.md +++ b/docs/alerts/webhook-connections/jira-service-desk.md @@ -22,7 +22,7 @@ To send webhook alerts to Jira Service Desk you need to include a Basic Authenti ```bash curl -v https://mysite.atlassian.net --user : ``` -1. Your response should look like the following image. You'll need the **Authorization** value when configuring the connection in Sumo Logic.
![Atlassian Basic Authentication.png](/img/connection-and-integration/Atlassian-Basic-Authentication.png) +1. Your response should look like the following image. You'll need the **Authorization** value when configuring the connection in Sumo Logic.
Atlassian Basic Authentication ## Configuration in Sumo Logic @@ -39,7 +39,7 @@ You need the **Manage connections** [role capability](/docs/manage/users-roles 1. [**New UI**](/docs/get-started/sumo-logic-ui). In the main Sumo Logic menu select **Monitoring > Connections**. You can also click the **Go To...** menu at the top of the screen and select **Connections**.
[**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the main Sumo Logic menu, select **Manage Data > Monitoring > Connections**. 1. On the **Connections** page click the **+** icon at the top-right of the table. -1. Select the **Jira** option. In the **Create Jira Connection** dialog, fill out connection information.
![Jira webhook button.png](/img/connection-and-integration/Jira-webhook-button.png) +1. Select the **Jira** option. In the **Create Jira Connection** dialog, fill out connection information.
Jira webhook button 1. Enter a **Name** for the Connection. 1. (Optional) Enter a **Description** for the Connection. 1. Enter a **URL** from the Jira REST API to create issues. For example, to create an issue: diff --git a/docs/alerts/webhook-connections/microsoft-teams.md b/docs/alerts/webhook-connections/microsoft-teams.md index c7afcf69aa..9f64f29c56 100644 --- a/docs/alerts/webhook-connections/microsoft-teams.md +++ b/docs/alerts/webhook-connections/microsoft-teams.md @@ -31,7 +31,7 @@ You need the **Manage connections** [role capability](/docs/manage/users-roles This section demonstrates how to create a webhook connection from Sumo Logic to Microsoft Teams using Microsoft's Workflows. 1. [**New UI**](/docs/get-started/sumo-logic-ui). In the main Sumo Logic menu select **Monitoring > Connections**. You can also click the **Go To...** menu at the top of the screen and select **Connections**.
[**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the main Sumo Logic menu, select **Manage Data > Monitoring > Connections**. -1. Click **+ Add** and choose **Microsoft Teams** as the connection type.
![Microsoft Teams webhook connection tile.png](/img/connection-and-integration/ms-teams-webhook-connection-tile.png) +1. Click **+ Add** and choose **Microsoft Teams** as the connection type.
Microsoft Teams webhook connection tile 1. Enter a **Name** and give an optional **Description** to the connection. 1. Paste the **URL** from Microsoft Teams into the **URL** field. 1. (Optional) **Custom Headers**, enter up to five comma separated key-value pairs. diff --git a/docs/alerts/webhook-connections/opsgenie-legacy.md b/docs/alerts/webhook-connections/opsgenie-legacy.md index 968b0d24bf..ea1636caa3 100644 --- a/docs/alerts/webhook-connections/opsgenie-legacy.md +++ b/docs/alerts/webhook-connections/opsgenie-legacy.md @@ -28,7 +28,7 @@ To add a Sumo Logic integration in Opsgenie, do the following: Your final configurations at Opsgenie should look like this: -![Webhook_Intergration_Example2.png](/img/connection-and-integration/opsgenie-legacy.png) +Webhook intergration example ## Configuration on Sumo Logic diff --git a/docs/alerts/webhook-connections/opsgenie.md b/docs/alerts/webhook-connections/opsgenie.md index e12f1e4421..b96d603d6f 100644 --- a/docs/alerts/webhook-connections/opsgenie.md +++ b/docs/alerts/webhook-connections/opsgenie.md @@ -28,7 +28,7 @@ To add a Sumo Logic integration in Opsgenie, do the following: ::: 1. Click **Save Integration**. -Your configuration in Opsgenie should look something like the following:
![Webhook_Intergration_Example2.png](/img/connection-and-integration/opsgenie.png) +Your configuration in Opsgenie should look something like the following:
Webhook intergration example ## Configuration in Sumo Logic @@ -46,7 +46,7 @@ You need the **Manage connections** [role capability](/docs/manage/users-roles This section demonstrates how to create a webhook connection from Sumo Logic to Opsgenie. 1. [**New UI**](/docs/get-started/sumo-logic-ui). In the main Sumo Logic menu select **Monitoring > Connections**. You can also click the **Go To...** menu at the top of the screen and select **Connections**.
[**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the main Sumo Logic menu, select **Manage Data > Monitoring > Connections**. -1. Click **+ Add** and choose **Opsgenie** as the connection type.
![Opsgenie webhook button.png](/img/connection-and-integration/opsgenie-webhook-button.png) +1. Click **+ Add** and choose **Opsgenie** as the connection type.
Opsgenie webhook button 1. Enter a **Name** and give an optional **Description** to the connection. 1. Paste the **Integration Url** from Opsgenie into the **URL** field. 1. (Optional) Enter an **Authorization Header**, which may include an authorization token. diff --git a/docs/alerts/webhook-connections/pagerduty.md b/docs/alerts/webhook-connections/pagerduty.md index 6efa1be1e5..e5a8b654af 100644 --- a/docs/alerts/webhook-connections/pagerduty.md +++ b/docs/alerts/webhook-connections/pagerduty.md @@ -98,9 +98,7 @@ The URL and supported payload are different based on the version of the PagerDut Do not update the `routing_key`, `event_action`, and `dedup_key` fields, otherwise recovery notifications will not be generated. ::: 1. For details on other variables that can be used as parameters within your JSON object, see [Webhook Payload Variables](set-up-webhook-connections.md). -1. Click **Save**. - - ![PagerDuty default payload v2.png](/img/connection-and-integration/v2.png) +1. Click **Save**.
PagerDuty default payload v2 ### Events API v1 @@ -153,8 +151,6 @@ The URL and supported payload are different based on the version of the PagerDut :::note Do not update the `service_key`, `event_type`, and `incident_key` fields, otherwise recovery notifications will not be generated. ::: -1. For details on other variables that can be used as parameters within your JSON object, see [Webhook Payload Variables](set-up-webhook-connections.md). - - ![PagerDuty default payload.png](/img/connection-and-integration/PagerDuty-default-payload.png) +1. For details on other variables that can be used as parameters within your JSON object, see [Webhook Payload Variables](set-up-webhook-connections.md).
PagerDuty default payload 1. Click **Save**. diff --git a/docs/alerts/webhook-connections/schedule-searches-webhook-connections.md b/docs/alerts/webhook-connections/schedule-searches-webhook-connections.md index 4bc05369ad..763ffc4263 100644 --- a/docs/alerts/webhook-connections/schedule-searches-webhook-connections.md +++ b/docs/alerts/webhook-connections/schedule-searches-webhook-connections.md @@ -5,6 +5,8 @@ sidebar_label: Sumo Scheduled Searches description: Create a Scheduled Search to send alerts to a third-party tool via Webhook Connections. --- +import useBaseUrl from '@docusaurus/useBaseUrl'; + [Scheduled searches](/docs/alerts/scheduled-searches) are saved searches that run automatically at specified intervals. When a scheduled search is configured to send an alert, it can be sent to another tool using a Webhook Connection. ## Limitation @@ -24,8 +26,8 @@ The payload for each scheduled search can be customized (depending on the tool y To set up a scheduled search for a Webhook Connection: 1. [Save a search](/docs/search/get-started-with-search/search-basics/save-search).  -1. On the **Save Item** page, click **Schedule this search**.
![schedule frequency.png](/img/connection-and-integration/schedule-frequency.png) -1. Change **Run Frequency** from "Never" to the desired frequency.
![itemized alert.png](/img/connection-and-integration/itemized-alert.png) +1. On the **Save Item** page, click **Schedule this search**.
Schedule frequency +1. Change **Run Frequency** from "Never" to the desired frequency.
Itemized alert 1. For all configuration options, see [Schedule a Search](/docs/alerts/scheduled-searches).  1. **Alert Type**. Select **Webhook**. 1. Select a **Webhook** from the **Connection** list. diff --git a/docs/alerts/webhook-connections/servicenow/set-up-connections.md b/docs/alerts/webhook-connections/servicenow/set-up-connections.md index 51eaabcbe0..6783d65236 100644 --- a/docs/alerts/webhook-connections/servicenow/set-up-connections.md +++ b/docs/alerts/webhook-connections/servicenow/set-up-connections.md @@ -5,6 +5,7 @@ sidebar_label: Set Up Connections description: Set up connections for ServiceNow integration. --- +import useBaseUrl from '@docusaurus/useBaseUrl'; :::note There are two ServiceNow connections available in Sumo Logic. @@ -31,7 +32,7 @@ To set up a ServiceNow Webhook connection: 1. [**New UI**](/docs/get-started/sumo-logic-ui). In the main Sumo Logic menu select **Monitoring > Connections**. You can also click the **Go To...** menu at the top of the screen and select **Connections**.
[**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the main Sumo Logic menu, select **Manage Data > Monitoring > Connections**. 1. On the **Connections** page click **Add**. -1. For **Connection Type**, select **ServiceNow**.
![serviceNow icon.png](/img/connection-and-integration/serviceNow-icon.png) +1. For **Connection Type**, select **ServiceNow**.
serviceNow icon 1. In the **Create Connection** dialog, enter the **Name** of the connection. 1. (Optional) Enter a **Description** for the connection. 1. For **URL**, enter one of the following based on whether you want to create **Events** or **Incidents**:  @@ -83,7 +84,7 @@ The first step for integrating ServiceNow with Sumo Logic is to configure one 1. [**New UI**](/docs/get-started/sumo-logic-ui). In the main Sumo Logic menu select **Monitoring > Connections**. You can also click the **Go To...** menu at the top of the screen and select **Connections**.
[**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the main Sumo Logic menu, select **Manage Data > Monitoring > Connections**. 1. On the Connections page, click **Add**. -1. For **Connection Type**, select **ServiceNow (Legacy)**.
![serviceNow legacy icon.png](/img/connection-and-integration/serviceNow-legacy-icon.png) +1. For **Connection Type**, select **ServiceNow (Legacy)**.
serviceNow legacy icon 1. In the Create Connection dialog box, enter the **Name** of the connection. 1. **Optional:** Enter a **Description** for the connection. 1. Enter the **Username** and **Password** used to log in to **ServiceNow**. diff --git a/docs/alerts/webhook-connections/servicenow/set-up-searches.md b/docs/alerts/webhook-connections/servicenow/set-up-searches.md index 4cd58474c9..3801b8a28f 100644 --- a/docs/alerts/webhook-connections/servicenow/set-up-searches.md +++ b/docs/alerts/webhook-connections/servicenow/set-up-searches.md @@ -5,6 +5,8 @@ sidebar_label: Set Up Searches description: You can set up scheduled searches for ServiceNow integration. --- +import useBaseUrl from '@docusaurus/useBaseUrl'; + [Scheduled searches](/docs/alerts/scheduled-searches) are saved searches that run automatically at specified intervals. When a scheduled search is set to upload search results to ServiceNow, you can combine services for round-trip investigations. You can create a brand new search, or you can base a search on an existing saved or scheduled search. If you'd like to use an existing search, you'll need to save the query as a new search to not override the search's current schedule. @@ -13,25 +15,19 @@ Before you can set up searches for ServiceNow, you'll need to configure a [Servi **To set up a search for ServiceNow integration** -1. Create the search that you would like to integrate with ServiceNow. Click **Save As** under the query currently displayed in the search box. - - ![Schedule Search](/img/connection-and-integration/ScheduleSearch.png) - +1. Create the search that you would like to integrate with ServiceNow. Click **Save As** under the query currently displayed in the search box.
Schedule search 1. In the **Save Item** dialog box, enter a **Name** for the search and an optional description. 1. Choose an option from the **Time Range** menu. 1. Click **Schedule this search**.  1. Choose an option from the **Run Frequency** menu: - * **Never.** Choose this option to temporarily **turn off a scheduled search**. * **Every 15 Minutes.** The search will run for the first time when you save the schedule, and then every 15 minutes after that. * **Hourly.** The search will run for the first time at the top of the next hour after you save the schedule, and then every hour after that. * **Every 2, 4, 6, 8, or 12 Hours.** The search will run for the first time at the top of the hour you choose. * **Daily.** Choose the time you'd like to run the search every day. A Daily search will cover exactly 24 hours of activity. You can change the schedule whenever you'd like. - 1. Choose a **Time Range** option to set the default range the scheduled search is run against. Alternately type a time range; for example, -15m to run the search against data generated in the past 15 minutes. 1. Select a **Timezone** you would like your scheduled search to use. If you do not make a selection, the scheduled search will use the timezone from your browser, which is the default selection. 1. For **Alert Condition**, choose one of the following for **Send Notification**: You can set up to a maximum of 1000 alerts per search. For either Alert Condition option, if no search results are generated by the search, no data is uploaded to ServiceNow. - * **Notify me every time upon search completion** if you want be alerted with search results every time the search is run (depending on the frequency, you could get an email every 15 minutes, every hour, or once a day). * **Notify me only if the condition below is satisfied** if you'd like to set up a scheduled search that alerts you to specific events, and then set any of the following conditions before typing a value in the text box: 
@@ -40,13 +36,11 @@ Before you can set up searches for ServiceNow, you'll need to configure a [Servi ::: 1. Choose an option for **Number of Results.** Depending on the search, set a condition to receive an alert by the number of results. If your saved search returns log messages, then the alert will use the number messages you specify; if your query produces aggregate results, the alert will use the number of aggregates (or groups). - * **Equal to.** Choose if there is an exact number of records in a search result at which you want to be notified. * **Greater than.** Choose if you want to be notified only if the search results include greater than that number of messages or groups you set in the text box. * **Greater than or equal to**. Choose if you want to be notified if the search results include greater than or equal to the number of messages or groups you set in the text box. * **Fewer than**. Choose if you want to be notified only if the search results include fewer than the number of messages or groups you set in the text box. * **Fewer than or equal to**. Choose if you want to be notified if the search results include fewer than or equal to the number of messages or groups you set in the text box. - 1. Choose an option: * **For Legacy ServiceNow Connections only**: 1. For Alert Type, choose ServiceNow Connection to upload search results to ServiceNow. @@ -57,5 +51,4 @@ Before you can set up searches for ServiceNow, you'll need to configure a [Servi * **For ServiceNow Connections only**: 1. For Alert Type, choose Webhook. 2. Choose connection name from the dropdown and customize the payload, if needed. - 1. Click **Save**. diff --git a/docs/alerts/webhook-connections/servicenow/set-up-security-incident-webhook.md b/docs/alerts/webhook-connections/servicenow/set-up-security-incident-webhook.md index 711d0f88d4..9e241adcd8 100644 --- a/docs/alerts/webhook-connections/servicenow/set-up-security-incident-webhook.md 
+++ b/docs/alerts/webhook-connections/servicenow/set-up-security-incident-webhook.md @@ -6,6 +6,8 @@ description: This page shows you how to set up a ServiceNow Incident Webhook con --- +import useBaseUrl from '@docusaurus/useBaseUrl'; + This page shows you how to set up a ServiceNow Security Incident Webhook connection and create scheduled searches for the connection. If you want to create **Events** or **ITSM Incidents** see [Set Up ServiceNow Connections](set-up-connections.md) for instructions. @@ -57,7 +59,7 @@ To set up a ServiceNow Security Incident Webhook connection: For a complete list of fields that can be sent in the payload, see the [Webhook payload variables](#webhook-payload-variables) section that follows. - ![serviceNow webhook configuration.png](/img/connection-and-integration/serviceNow-webhook-configuration.png) + serviceNow webhook configuration 1. Click **Save**. 1. After configuring the connection, continue with [Testing the connection](#testing-the-connection), then [create a scheduled search](/docs/alerts/webhook-connections/schedule-searches-webhook-connections) to send alerts to this connection. diff --git a/docs/alerts/webhook-connections/set-up-webhook-connections.md b/docs/alerts/webhook-connections/set-up-webhook-connections.md index fd5a43755a..bd14510427 100644 --- a/docs/alerts/webhook-connections/set-up-webhook-connections.md +++ b/docs/alerts/webhook-connections/set-up-webhook-connections.md @@ -278,7 +278,7 @@ After configuring the connection, click the **Test Connection** button at the This test does not use the same static IP addresses that send notifications, it uses different temporary IP addresses. -![test connection button.png](/img/connection-and-integration/test-connection-button.png) +Test connection button If the connection is successful, you'll see a message appearing in the third-party tool. This won't contain any information from the scheduled search, it will just have the text in the payload. 
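Review bot: the image text in the `@@ -160,21 +162,21 @@` suspension hunk does not tell the four screenshots apart. The permanent suspension email and the permanent suspension log both become "Permanent suspension", and the temporary pair becomes "Suspension email" and "Temporary suspension". Name each by what it shows, for example "Temporary suspension email", "Temporary suspension audit log", "Permanent suspension email" and "Permanent suspension audit log", so the text is still useful when the image is not rendered.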
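Review bot: the `@@ -22,7 +22,7 @@` hunks in jira-cloud.md, jira-server.md and jira-service-desk.md give the same screenshot two different labels: "Atlassian Basic Authentication" in two files and "Atlassian basic authentication" in jira-server.md. Pick one casing for all three. Since the step being edited tells the reader to copy the **Authorization** value from that response, this is also a good moment to confirm that Atlassian-Basic-Authentication.png shows a placeholder value and not a usable Basic credential.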
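Review bot: the `@@ -5,6 +5,7 @@` hunk in servicenow/set-up-connections.md adds the `import useBaseUrl from '@docusaurus/useBaseUrl';` line alone, while the other four import hunks in this patch grow by two lines (`+5,8` or `+6,8`), that is, the import plus a blank line. Check that a blank line still separates the import from the `:::note` that follows it; MDX needs one between an import and markdown content, and without it the admonition is parsed as part of the import statement.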
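Review bot: the new image text in servicenow/set-up-connections.md ("serviceNow icon", "serviceNow legacy icon") and in servicenow/set-up-security-incident-webhook.md ("serviceNow webhook configuration") carries over the lowercase "s" from the old file names. The surrounding steps spell the product "ServiceNow", so the labels should read "ServiceNow icon", "ServiceNow (Legacy) icon" and "ServiceNow webhook configuration".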
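Review bot: no `import useBaseUrl from '@docusaurus/useBaseUrl';` is added in the hunks for microsoft-teams.md, opsgenie-legacy.md, opsgenie.md, pagerduty.md and set-up-webhook-connections.md, which touch only the image line, and the three Jira pages are in the same position. save-to-index.md, schedule-searches-webhook-connections.md and the three servicenow pages each gain the import in this patch. If the replacement image markup calls useBaseUrl as those imports suggest, confirm that each of the other files already imports it above the visible context, otherwise those pages reference an undefined name at build time.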
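Review bot: in pagerduty.md the two screenshots end up attached to different steps and labelled unevenly. The `@@ -98,9 +98,7 @@` hunk puts "PagerDuty default payload v2" on the "Click **Save**." step, while the `@@ -153,8 +151,6 @@` hunk puts "PagerDuty default payload" on the "For details on other variables" step, before "Click **Save**.". Attach both to the same step, and label the second one "PagerDuty default payload v1" so it matches the "Events API v1" heading it sits under.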
From 5b2323006f5b6c9579e48a178d3ce7252e621c06 Mon Sep 17 00:00:00 2001 From: John Pipkin Date: Fri, 7 Nov 2025 11:28:52 -0600 Subject: [PATCH 5/5] Fix spelling error --- docs/alerts/webhook-connections/opsgenie-legacy.md | 2 +- docs/alerts/webhook-connections/opsgenie.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/alerts/webhook-connections/opsgenie-legacy.md b/docs/alerts/webhook-connections/opsgenie-legacy.md index ea1636caa3..5c642630fe 100644 --- a/docs/alerts/webhook-connections/opsgenie-legacy.md +++ b/docs/alerts/webhook-connections/opsgenie-legacy.md @@ -28,7 +28,7 @@ To add a Sumo Logic integration in Opsgenie, do the following: Your final configurations at Opsgenie should look like this: -Webhook intergration example +Webhook integration example ## Configuration on Sumo Logic diff --git a/docs/alerts/webhook-connections/opsgenie.md b/docs/alerts/webhook-connections/opsgenie.md index b96d603d6f..3ae268a2f4 100644 --- a/docs/alerts/webhook-connections/opsgenie.md +++ b/docs/alerts/webhook-connections/opsgenie.md @@ -28,7 +28,7 @@ To add a Sumo Logic integration in Opsgenie, do the following: ::: 1. Click **Save Integration**. -Your configuration in Opsgenie should look something like the following:
Webhook intergration example +Your configuration in Opsgenie should look something like the following:
Webhook integration example ## Configuration in Sumo Logic
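Review bot: the "intergration" typo corrected here in opsgenie-legacy.md and opsgenie.md was introduced by the earlier image patch in this same series, so this should be squashed into that patch instead of landing as a separate "Fix spelling error" commit. That keeps the misspelled label out of the history and leaves one commit per logical change.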